Infections


19 replies to this topic

#1 Gamekid (Advanced Member, 646 posts)

Posted 22 June 2008 - 01:40 PM

Running a full scan with AVG 8.0, I came across the following. I would have posted this on the AVG forum, but no such option exists.

AVG 8.0
File:
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00002
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005:\$JK\utility.dll
Infection: Trojan horse Startpage.CQS
Result: Infected

Warnings:
HKLM\SOFTWARE\Classes\Software.IEToolbar
Infection Found: Adware.CoolWebSearch
Result: Potentially dangerous object

#2 Wademan (Anti-Spyware Brigade, 3,835 posts)

Posted 22 June 2008 - 01:56 PM

Hello Gamekid,

Please download Ccleaner if you don't already have it (if you already have Ccleaner then simply run it). It will help clean out cookies and temp files, which will speed up the SuperAntiSpyware scan and the BitDefender scan as well.

Ccleaner> http://www.ccleaner.com/ tutorial if you need> http://www.ccleaner....er-installation

> Please download and install SUPERAntiSpyware Home Edition (free edition)
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.
You will see an install for Google toolbar, uncheck it if you don't want it added in the download.

Some of what AVG found looks like a false positive. But run SuperAntiSpyware and also use the BitDefender online AntiVirus scanner>
http://www.bitdefend...m/scan8/ie.html Allow the ActiveX component to be installed and follow the prompts. (Note: you will need Internet Explorer to run BitDefender.) Post the SuperAntiSpyware log along with the BitDefender log. :)

Wademan

Edited by Wademan, 22 June 2008 - 02:39 PM.


#3 Gamekid (Advanced Member, 646 posts)

Posted 24 June 2008 - 07:46 PM

> [quoting Wademan's post #2 in full]


I ran a full scan with SuperAntiSpyware free edition. I used the professional version, I hope that is OK because you asked for the home version. Here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2008 at 05:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3489
Trace Rules Database Version: 1480

Scan type : Complete Scan
Total Scan Time : 01:40:42

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 5743
Registry threats detected : 0
File items scanned : 45396
File threats detected : 0

I also ran bit defender, here the log for that:
C:\Documents and Settings\Owner\Desktop\Misc\report for bit defender.html
I also came across this.
Potentially unwanted program

file name: C\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll

Threat name: Adware Generic3.HBW
Detected on open

move to vault Add to exceptions Ignore Help

I clicked on add to exceptions. May not have been a good idea.

#4 mme (Advanced Member, 6,795 posts, Northern Ontario, Canada)

Posted 24 June 2008 - 09:39 PM

Do a couple of online scans. One is Trend HouseCall, found here; it will clean whatever it finds:

http://housecall.trendmicro.com/

The other is Kaspersky:

http://www.kaspersky.com/virusscanner

file name: C\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll

I believe that this one, in your system restore, appears to be infected.

Edited by mme, 24 June 2008 - 09:40 PM.


#5 Inprofile (Advanced Member, 4,604 posts, Dalbeattie)

Posted 25 June 2008 - 08:40 AM

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00002
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005
C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005:\$JK\utility.dll
Trojan horse Startpage.CQS
HKLM\SOFTWARE\Classes\Software.IEToolbar
Adware.CoolWebSearch


All part of AOL/AIM.

Link 1

Link 2

Link 3

"C\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll"

Navigate to Windows -> Prefetch folder; you can delete it from there.

#6 Gamekid (Advanced Member, 646 posts)

Posted 25 June 2008 - 09:40 AM

> [quoting Inprofile's post #5 in full]


If I go to HouseCall 6.6, what kind of scan do I want to run? If I go to the Kaspersky online scanner, it tells me that

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0
OK

I have the latest version of Java at this time. If I go to the Windows folder and the Prefetch folder, I don't see any file with the mentioned file name.

#7 Inprofile (Advanced Member, 4,604 posts, Dalbeattie)

Posted 25 June 2008 - 10:21 AM

> If I go to the Windows folder and the Prefetch folder, I don't see any file with the mentioned file name.


Sorry, brain fart.

You will be able to remove it by turning off System Restore AFTER you are sure the rest of the PC is clean.

#8 Gamekid (Advanced Member, 646 posts)

Posted 25 June 2008 - 10:42 AM

> Sorry, brain fart.
>
> You will be able to remove it by turning off System Restore AFTER you are sure the rest of the PC is clean.


OK, I'll make a mental note of that. What about the online scanners?

#9 Jacee (Admins, 27,688 posts)

Posted 25 June 2008 - 10:51 AM

TrendMicro Housecall scan:
http://housecall.trendmicro.com/

MS - MVP Consumer Security 2006 thru 2014


#10 mme (Advanced Member, 6,795 posts, Northern Ontario, Canada)

Posted 25 June 2008 - 12:16 PM

http://housecall.trendmicro.com/

1- Click "Scan now, it's free"
2- Next click on "Launch HouseCall free scan"
3- Accept the agreement
4- Choose Browser plugin.. HouseCall Kernel
5- Press "Start HouseCall"
6- Install the ActiveX control: right-click the yellow bar at the top of the page
7- Press Run and choose
8- Scan Complete Computer for Malware, Grayware and Vulnerabilities
9- Wait until the scan is complete
10- Once it completes, you're given an option to delete any infections.
You're asked to run HouseCall again, but you can if you want to... but if you're dealing with trojans, running it a second time is a good idea. Recommended.

Good Luck

Edited by mme, 25 June 2008 - 12:18 PM.


#11 Wademan (Anti-Spyware Brigade, 3,835 posts)

Posted 26 June 2008 - 03:50 AM

Hi Gamekid,
It looks like most of what AVG found was indeed false positives, and the only leftover is in your system restore. Read this short guide on turning it off and on to clean a virus from your system> http://www.pchell.co...emrestore.shtml

After you do that, then re-run scanners, they should be all clean.

Wademan

#12 Gamekid (Advanced Member, 646 posts)

Posted 26 June 2008 - 11:05 AM

> [quoting Wademan's post #11 in full]


I ran the HouseCall scan and came across the following. I don't believe that there is any reason to keep any of this stuff?
ADWARE_INETTRAFFIC
ADWARE_SOFTOMATE
ADWARE_MEMWATCHER

#13 Wademan (Anti-Spyware Brigade, 3,835 posts)

Posted 26 June 2008 - 11:18 AM

Hi Gamekid,
Yes, those are all malware/junk. If you want to double check you can add this free scanner and run it> http://www.emsisoft..../software/free/

I hope you turned off System Restore and re-enabled it? That was the only way to remove that one malware entry from your PC, since it was rooted in System Restore.

The a2 scanner I am referring you to is just as powerful as SuperAntiSpyware. And best of all it's free. Make sure you select the free version. :)

Wademan

#14 Gamekid (Advanced Member, 646 posts)

Posted 26 June 2008 - 11:52 AM

> [quoting Wademan's post #13 in full]


I'll run the scan again and get rid of the malware. I just flushed System Restore. I have quite a few scanners available to me.

Edited by Gamekid, 26 June 2008 - 07:07 PM.


#15 Gamekid (Advanced Member, 646 posts)

Posted 28 June 2008 - 11:47 AM

> I'll run the scan again and get rid of the malware. I just flushed System Restore. I have quite a few scanners available to me.


I have reason to believe that the stuff that I have is causing my internet connection to go out; however, I'm more concerned that when I run the HouseCall scan, my internet connection will go out before the scan is completed. My internet connection doesn't go out all the time, but it seems to be a matter of luck. I need to know if there is another way that I can get rid of that stuff without using an online scanner, or another way of getting rid of the stuff with an online scanner? I did try going to Safe Mode with Networking; however, if I do that and go to the website, Internet Explorer crashes on me before the scan even starts. I'm in a very odd situation here. As a last resort, I can always reinstall Windows, although I want to avoid that at all costs.

#16 mme (Advanced Member, 6,795 posts, Northern Ontario, Canada)

Posted 28 June 2008 - 08:13 PM

Try downloading and updating Dr.Web CureIt:

http://www.freedrweb.com/cureit/

#17 Gamekid (Advanced Member, 646 posts)

Posted 28 June 2008 - 11:20 PM

> Try downloading and updating Dr.Web CureIt:
>
> http://www.freedrweb.com/cureit/


What kind of a scan should I run with this tool?

#18 Juliet (Trusted Malware Techs, 21,914 posts)

Posted 29 June 2008 - 07:32 AM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode.


Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it.

* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
* Save the DrWeb.csv report to your desktop.

* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#19 Gamekid (Advanced Member, 646 posts)

Posted 29 June 2008 - 12:52 PM

> [quoting Juliet's Dr.Web CureIt instructions from post #18 in full]


Here is the report from the DrWeb CureIt program.
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0077383.reg;C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP341;Trojan.StartPage.1505;Deleted.;
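
The two report shapes quoted in this thread, AVG's path listing in post #1 and the Dr.Web CureIt `name;directory;threat;action;` lines in post #19, both carry the point the helpers kept making: a hit whose path sits under `System Volume Information\_restore{...}\RPnnn` is a restore-point copy that an on-demand scanner cannot usefully clean, and only flushing System Restore clears it. The Python below is an added example, not code from the forum, from AVG or from Dr.Web. It parses constructed sample lines in those two shapes and classifies each detection by where it really lives: a live file, an object nested inside another file (the `:\` separator AVG shows after `prcnlink.exe`), a Spybot snapshot, or a restore-point copy. The regexes, category names and sample data are my assumptions for illustration, not a scanner's real parser.

```python
"""Classify antivirus detections by where they live (added example).

Constructed sample input only; the paths mirror the shapes posted in
the thread but nothing here reads a real scanner's output format spec.
"""
import re

# Constructed sample: two Dr.Web CureIt report lines in the
# name;directory;threat;action; layout shown in post #19.
DRWEB_REPORT = (
    "RegUBP2b-Owner.reg;C:\\Documents and Settings\\All Users\\Application Data\\"
    "Spybot - Search & Destroy\\Snapshots2;Trojan.StartPage.1505;Deleted.;\n"
    "A0077383.reg;C:\\System Volume Information\\_restore{70404123-C311-4498-A114-"
    "DA48295D8599}\\RP341;Trojan.StartPage.1505;Deleted.;\n"
)

# Constructed sample: three paths in the shapes AVG listed in post #1.
AVG_PATHS = [
    r"C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe",
    r"C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005:\$JK\utility.dll",
    r"C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll",
]

# XP restore points: \System Volume Information\_restore{GUID}\RPnnn\file
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\", re.I)
# Spybot S&D keeps registry snapshots that can hold an old hijack entry
SPYBOT_SNAPSHOT = re.compile(r"\\Spybot - Search & Destroy\\Snapshots\d*\\", re.I)
# AVG's "outer.exe:\inner" notation for an object inside another file
NESTED_OBJECT = re.compile(r":\\")


def classify(path):
    """Return a location category for one detection path (assumed names)."""
    if RESTORE_POINT.search(path):
        return "restore-point copy"      # needs System Restore flushed
    if SPYBOT_SNAPSHOT.search(path):
        return "spybot-snapshot"         # a backup, not an active hijack
    if NESTED_OBJECT.search(path[2:]):   # skip the "C:" drive prefix
        return "nested-in-file"          # member of an installer/archive
    return "live-file"


def parse_drweb(report):
    """Parse Dr.Web CureIt CSV lines: name;directory;threat;action; ."""
    rows = []
    for line in report.splitlines():
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError("malformed Dr.Web line: %r" % line)
        name, directory, threat, action = fields[:4]
        full = directory.rstrip("\\") + "\\" + name
        rows.append({
            "path": full,
            "threat": threat,
            "action": action.rstrip("."),
            "location": classify(full),
        })
    return rows


def needs_system_restore_flush(rows):
    """True when at least one hit can only be removed by flushing System Restore."""
    return any(r["location"] == "restore-point copy" for r in rows)


if __name__ == "__main__":
    for r in parse_drweb(DRWEB_REPORT):
        print("%-20s %-12s %s" % (r["location"], r["action"], r["path"]))
    for p in AVG_PATHS:
        print("%-20s %s" % (classify(p), p))
    print("flush System Restore:", needs_system_restore_flush(parse_drweb(DRWEB_REPORT)))
```

Run against the two sample Dr.Web lines, the first (the Spybot snapshot) is a backup entry and the second is a restore-point copy, so `needs_system_restore_flush` returns True; of the AVG paths, only the last one is a restore-point copy, the `:\ns_00005:\$JK\utility.dll` entry is an object nested inside `prcnlink.exe`, and the bare `prcnlink.exe` is a live file.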

#20 Gamekid (Advanced Member, 646 posts)

Posted 03 July 2008 - 10:45 PM

> [quoting the Dr.Web CureIt report from post #19]


My internet connection had been working up until now; lo and behold, tonight my internet connection goes out again. I'm hoping that I don't have what I had a week ago. Is there anything else that I can do or check so that my internet connection doesn't go out on me anymore?
